.TH run 8
'''
.SH NAME
\fBrun\fR \- set process properties and exec specified command.
'''
.SH SYNOPSIS
\fBrun\fR [\fIoptions\fR] \fIcommand\fR \fIargs\fR ...
'''
.SH DESCRIPTION
\fBrun\fR allows configuring process attributes of a newly spawned
command. All requested changes are applied before \fIcommand\fR is
started.
.P
\fBrun\fR is intended for privileged users, as one of its main uses
is spawning commands with limited privileges. Some of the options
may work for regular users, but most will not.
.P
Another use for \fBrun\fR is searching $PATH and doing output redirects
without calling \fBsh\fR(1) or some other shell.
'''
.SH USAGE
The following options are accepted:
.IP "\fB-u\fR\fIuser\fR" 4
Set user, see \fBsetuid\fR(2).
.IP "\fB-g\fR\fIgroup\fR" 4
Set group, see \fBsetgid\fR(2). Multiple \fB-g\fR also set supplementary groups, see \fBsetgroups\fR(2)
.IP "\fB-X\fR\fIcgroup\fR" 4
Add process to specified cgroup.
.IP "\fB-C\fR\fIdir\fR" 4
Change working directory to \fIdir\fR.
.IP "\fB-l\fR\fIfile\fR" 4
Redirect stdout and stderr to \fIfile\fR.
.IP "\fB-o\fR\fIfile\fR" 4
Redirect stdout to \fIfile\fR.
.IP "\fB-e\fR\fIfile\fR" 4
Redirect stderr to \fIfile\fR.
.IP "\fB-n\fR" 4
Redirect stdout and stderr to /dev/null.
.IP "\fB-s\fR" 4
Start a new session by calling \fBsetsid\fR(2).
.IP "\fB-R\fR\fIdir\fR" 4
Change root directory to \fIdir\fR.
Arguments for \fB-C\fR, \fB-l\fR, \fB-o\fR, \fB-e\fR will be taken relative to the new root.
.IP "\fB-r\fIN\fR" 4
Change process priority (renice) to \fIN\fR, see \fBsetpriority\fR(2).
Note \fBrun\fR uses kernel scale 1..40, with default priority 20 and
highest priority 1.
.IP "\fB-m\fR\fImask\fR" 4
Set \fBumask\fR(2) for the spawned process.
.IP "\fB-y\fR" 4
Set stdout as the controlling TTY; see TIOCSCTTY in \fBtty_ioctl\fR(4).
.IP "\fB-c\fR" 4
Exec \fBsh -c \fIcommand args\fR instead of just \fIcommand args\fR.
.IP "\fB-S\fR[\fIflags\fR]" 4
Call \fBunshare\fR(2) to diassociate all of, or only selected parts
of the process execution context:
.PD 0
.RS
.TP
\fBd\fR file descriptors (CLONE_FILES)
.TP
\fBf\fR filesystem (CLONE_FS)
.TP
\fBi\fR System V IPC namespace (CLONE_NEWIPC)
.TP
\fBn\fR network namespace (CLONE_NEWNET)
.TP
\fBm\fR mount namespace (CLONE_NEWNS)
.TP
\fBu\fR UTS IPC namespace (CLONE_NEWUTS)
.TP
\fBv\fR System V semaphore undo values (CLONE_SYSVSEM)
.RE
.PD 1
.IP "\fB+\fIc\fIN\fR[\fB/\fIM\fR]" 4
Set process ulimits. \fIN\fR is soft limit, \fIM\fR is hard limit;
in case only one number is specified, equal hard and soft limits are set.
Possible limits with respective C constants (see \fBsetrlimits\fR(2)):
.PD 0
.RS
.TP
\fBa\fR size of the process's virtual memory (RLIMIT_AS)
.TP
\fBc\fR size of core files created (RLIMIT_CORE)
.TP
\fBd\fR size of a process's data segment (RLIMIT_DATA)
.TP
\fBe\fR scheduling priority (RLIMIT_NICE)
.TP
\fBf\fR size of files written (RLIMIT_FSIZE)
.TP
\fBi\fR number of pending signals (RLIMIT_SIGPENDING)
.TP
\fBl\fR size that may be locked into memory (RLIMIT_MEMLOCK)
.TP
\fBm\fR resident set size (RLIMIT_RSS)
.TP
\fBn\fR number of open files (RLIMIT_NOFILE)
.TP
\fBp\fR number of threads (RLIMIT_NPROC)
.TP
\fBq\fR number of bytes in POSIX message queues (RLIMIT_MSGQUEUE)
.TP
\fBr\fR real-time scheduling priority (RLIMIT_RTPRIO)
.TP
\fBs\fR stack size (RLIMIT_STACK)
.TP
\fBt\fR amount of cpu time in seconds (RLIMIT_CPU)
.TP
\fBx\fR number of file locks (RLIMIT_LOCKS)
.TP
\fBT\fR time in microseconds process with real-time
schedule policy may consume without making a blocking syscall (RLIMIT_RTTIME)
.RE
.PD 1
.P
'''
.SH FILES
.IP "\fB{/var/log}\fR" 4
Default output directory for \fB-o\fR, \fB-e\fR and \fB-l\fR.
.IP "\fB{/sys/fs/cgroup}\fR" 4
Default cgroup directory for \fB-C\fR.
'''
.SH ENVIRONMENT
PATH is used to find specified command. See \fBexecvp\fR(1).
'''
.SH NOTES
This page describes /sbin/run, a tool normally only available to the root user.
For gdb simulator front-end typically installed as /usr/bin/run,
see \fBrun\fR(1).
'''
.SH SEE ALSO
Similar utilities: \fBsu\fR(1), \fBsudo\fR(1), \fBrunuser\fR(1),
\fBulimit\fR in \fBbash\fR(1),
\fBnice\fR(1), \fBcgexec\fR(1), \fBsetsid\fR(1).
.P
Syscalls: \fBsetresuid\fR(2), \fBsetresgid\fR(2), \fBsetrlimit\fR(2),
\fBsetpriority\fR(2), \fBexecve\fR(2), \fBsetsid\fR(2), \fBunshare\fR(2).
.P
General concepts: \fBcredentials\fR(7), \fBnamespaces\fR(7),
documentation/cgroups/ from the kernel source tree.
